From mboxrd@z Thu Jan 1 00:00:00 1970 From: ng0 Subject: Re: Removing the attic package Date: Mon, 05 Sep 2016 10:05:50 +0000 Message-ID: <87k2eqfypt.fsf@we.make.ritual.n0.is> References: <20160904021256.GA21539@jasmine> <874m5vvmi8.fsf@we.make.ritual.n0.is> <20160904184416.GB29947@jasmine> <87d1kirc4r.fsf@gnu.org> <20160905092956.GC23794@macbook42.flashner.co.il> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:41517) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bgqmu-0006lr-6s for guix-devel@gnu.org; Mon, 05 Sep 2016 06:06:01 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bgqms-00068e-0F for guix-devel@gnu.org; Mon, 05 Sep 2016 06:05:59 -0400 In-Reply-To: <20160905092956.GC23794@macbook42.flashner.co.il> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Efraim Flashner , Ludovic =?utf-8?Q?Court=C3=A8?= =?utf-8?Q?s?= Cc: guix-devel@gnu.org Efraim Flashner writes: > [ Unknown signature status ] > On Mon, Sep 05, 2016 at 10:20:36AM +0200, Ludovic Courtès wrote: >> Hi! >> >> Leo Famulari skribis: >> >> > >> > Do we have any guidelines about "retiring" packages? >> >> Not yet! >> >> Of course there’s a fine line here: we cannot systematically retire >> packages “just” because they have bugs (all of them do ;-)). So we have >> to be cautious. In this case, it can be considered a serious bug in the >> package’s core functionality, *and* there’s a fix provided by a fork, so >> I see no obstacle in removing it. >> >> What do people think? >> >> Thanks, >> Ludo’. >> > > I think it makes sense to change the description that this package is > slated for eventual removal. Another example is pinentry. We now have 4 > pinentry packages, and the original pinentry package just points to > pinentry-gtk. I think it would make sense in that case to change the > description to something like `the pinentry package in guix is > depreciated, please remove it and install pinentry-gtk to retain the > same functinality' or something along those lines. > > In this case something about attic having serious unpatched flaws, is > unmaintained, and that borg is a fork & continuation of it, would be a > good change. > > That might keep new people from installing it, but how would we get > people who have already installed it to uninstall it? Or to see the > message? Gentoo handles this via an internal message system which might or might not be connected to one of their email lists. This way they announce security upgrades, updates, removal notices, etc. Archlinux handles this via an announcement email list as far as I know. Maybe we could implement something similar, maybe file based? I could imagine an mbox/maildir message parser where we could commit message files into the (sub)directory and it gets posted to an announce-guix@gnu.org list AND is also made available via some way associated with the guix package list of current profile or in general via some guix args to be read by everyone, mandatory to keep on track with guix updates etc.. > -- > Efraim Flashner אפרים פלשנר > GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 > Confidentiality cannot be guaranteed on emails sent or received unencrypted -- ng0 For non-prism friendly talk find me on http://www.psyced.org